Hi,

I have a SonicWALL firewall in front of my mail server. It has its
Intrusion Protection Service turned on. Now I am getting an alert from
the firewall:

11/05/2005 01:11:19.416 - Alert - Intrusion Prevention -        IPS
Prevention Alert: SMTP Content-Transfer-Encoding overflow attempt, SID:
743, Priority: Medium - 209.191.68.173,

Which points to:

209.191.68.173 PTR record: web34809.mail.mud.yahoo.com.

And when I look up the SMTP error, this is what it says:

The prescan() function in the address parser (parseaddr.c) in Sendmail
before 8.12.9 does not properly handle certain conversions from char and
int types, which can cause a length check to be disabled when Sendmail
misinterprets an input value as a special "NOCHAR" control value,
allowing attackers to cause a denial of service and possibly execute
arbitrary code via a buffer overflow attack using messages, a different
vulnerability than CAN-2002-1337.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161   
http://www.cert.org/advisories/CA-2003-12.html 


Since the firewall rejects it at the perimeter it never makes it to
IMail/Declude. 

Obviously some piece of mail is trying to come in and failing. Does
anyone else have any experience with this type of problem? I can just
ignore it and it will finally go away, but I am sort of surprised that a
Yahoo mail server would have this vulnerability when there is a patch
for it.

Any thoughts on this?

Thanks

Goran Jovanovic
Omega Network Solutions
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
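
The advisory text quoted in the message describes a char-to-int conversion that lets an input byte be mistaken for the "NOCHAR" control value, which in turn disables a length check. The following is an added illustration, not part of the original post and not Sendmail's code: a simplified C model in which the sentinel value -1, the function names and the sample input are all assumptions made for the example.

```c
/* Added illustration, not Sendmail source: a simplified model of the
 * char-to-int conversion problem the advisory text describes. */
#include <stddef.h>
#include <stdio.h>

#define NOCHAR (-1)   /* assumed sentinel meaning "no character pending" */

struct scan_result {
    size_t checked;   /* bytes that went through the length-checked path */
    size_t bypassed;  /* bytes mistaken for NOCHAR, so no check was applied */
};

/* Flawed read: a signed char with the high bit set sign-extends, so the
 * data byte 0xFF becomes the int -1 and is indistinguishable from NOCHAR. */
static int read_signed(const signed char *p) { return *p; }

/* Corrected read: go through unsigned char so every data byte maps to
 * 0..255 and can never collide with the negative sentinel. */
static int read_unsigned(const signed char *p) { return (unsigned char)*p; }

static struct scan_result scan(const signed char *in, size_t n,
                               int (*read_byte)(const signed char *))
{
    struct scan_result r = {0, 0};
    for (size_t i = 0; i < n; i++) {
        int c = read_byte(&in[i]);
        if (c != NOCHAR)
            r.checked++;    /* normal path: bounds check, then store */
        else
            r.bypassed++;   /* treated as "nothing to store": check skipped */
    }
    return r;
}

/* Constructed sample input: four data bytes, two of them 0xFF. */
static const signed char SAMPLE[] = { 'a', (signed char)0xFF, 'b', (signed char)0xFF };

int main(void)
{
    struct scan_result bad  = scan(SAMPLE, sizeof SAMPLE, read_signed);
    struct scan_result good = scan(SAMPLE, sizeof SAMPLE, read_unsigned);
    printf("signed read:   checked=%zu bypassed=%zu\n", bad.checked, bad.bypassed);
    printf("unsigned read: checked=%zu bypassed=%zu\n", good.checked, good.bypassed);
    return 0;
}
```

With the signed read, both 0xFF data bytes are counted as sentinels and never reach the checked path; with the unsigned read, all four bytes are checked.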
